Flow based traffic over vpn

DjaneDu · ‎2023-03-22

Hi All,

Good day to you. I have a question regarding the below scenario and it would be great if you can provide me a brief solution for this.

I have 5 checkpoint firewalls and want to send all the internet traffic of 4 firewalls from a 1 single centrally located firewall.

Scenario 1

Let's say I put all those traffic via a site-to-site VPN from all the other 4 firewalls to a 1 central firewall without using a smart management server. In this kind of a scenario, will i be able to send the flow traffic(for the log gathering purpose) or syslog based traffic over the same VPN tunnels to the same central location so that I would be able to export those logs.

Scenario 2

Let's say I have SMS in the central location and the only centrally located firewall that can route to the internet. Let's say that all the firewalls are needed to be added under that SMS. How I am going to get the logs from the other 4 locations to the central located gateway and SMS. Sorry if my scenarios are wrong but please explain a possible scenario.

PhoneBoy · ‎2023-03-27

Theoretically, you can set up SIC with an external log server (i.e. not one managed by the same SMS).
This mentions SmartEvent, but much of the setup is similar for just a log server: https://support.checkpoint.com/results/sk/sk35288

If the gateways are all managed by the same SMS, then the logs will actually flow via SIC (which is already encrypted) and NOT through the VPN tunnel.
However, your management server will need some sort of static NAT accessible by the remote gateways.

Are you a member of CheckMates?

Flow based traffic over vpn